Home / Vulnerability Intelligence / CVE-2026-28519

CVE-2026-28519 - Vulnerability Analysis

HighCVSS: 8.8

Last Updated: March 17, 2026

arduino-TuyaOpen - Buffer Overflow

Published: March 16, 2026Updated: March 17, 2026

Overview

arduino-TuyaOpen < 1.2.1 contains a heap-based buffer overflow caused by malicious DNS responses in the DnsServer component, letting attackers on the same LAN execute arbitrary code, exploit requires LAN DNS server control.

Severity & Score

Severity: High

CVSS Score: 8.8

EPSS Score: 1.5%(Probability of exploitation in next 30 days)

Impact

Attackers controlling LAN DNS can execute arbitrary code on affected embedded devices, leading to full device compromise.

Mitigation

Update to version 1.2.1 or later.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 16, 2026

🟠 CVE-2026-28519 - High (8.8) arduino-TuyaOpen before version 1.2.1 contains a heap-based buffer overflow vulnerability in the DnsServer component. An attacker on the same local area network who controls the LAN DNS server can send malicious DNS responses to overflow the heap ... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28519/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-28519
Severity: High
CVSS Score: 8.8
Type: buffer_overflow
Status: confirmed
EPSS: 1.5%
Social Posts: 1

CWE

CWE-122

CVSS Metrics

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

1.5%Probability of exploitation in the next 30 days